Vincent Arnold

When it comes to the U.S. government’s computer security, we in the tech press have a habit of reporting only the bad news—for instance, last year’s hacks into Oak Ridge and Los Alamos National Labs, a break-in to an e-mail server used by Defense Secretary Robert Gates … the list goes on and on. Frankly that’s because the good news is usually a bunch of nonevents: “Hackers deterred by diligent software patching at the Army Corps of Engineers.” Not too exciting.

So, in the world of IT security, it must seem that the villains outnumber the heroes—but there are some good-guy celebrities in the world of cyber security. In my years of reporting on the subject, I’ve often heard the National Security Agency’s red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game. Recently, I called up the secretive government agency and asked if it could offer up a top red teamer for an interview, and, surprisingly, the answer came back, “Yes.”

Source: Popular Mechanics

By Jeremy Kirk, IDG News Service
June 13, 2008

Gary McKinnon could become the first British hacker extradited to the U.S. for allegedly deleting data and accessing information on U.S. military and NASA computers

A British hacker fighting extradition to the U.S. on computer hacking charges is preparing for his final U.K. appeal on Monday in London.

If Gary McKinnon loses this appeal, he would be the first British hacker extradited to the U.S. He could face up to 60 years in prison.

McKinnon, of London, is accused of deleting data and illegally accessing information on 97 U.S. military and NASA computers between February 2001 and March 2002. He’s been charged in U.S. District Court for the Eastern District of Virginia.

McKinnon admitted to using a program called “RemotelyAnywhere” to hack into PCs late at night when employees were gone. His hacking exploits started to unravel after McKinnon miscalculated the time difference between the U.S. and U.K., and one employee noticed their PC was acting oddly.

Read More

On page 18 of the April, 2008 Symantec Global Internet Security Threat Report, there is a chart that lists how much stolen information trades for on the underground market. I think it would be safe to say that $15 for my identity is pretty insulting. It would take a lot more than 15 bucks to get it back.

Gives you an idea of how many identities must already be compromised for the value to be so low.

OTTAWA - The federal government is secretly negotiating an agreement to revamp international copyright laws which could make the information on Canadian iPods, laptop computers or other personal electronic devices illegal and greatly increase the difficulty of travelling with such devices.

The deal could also impose strict regulations on Internet service providers, forcing those companies to hand over customer information without a court order.

Called the Anti-Counterfeiting Trade Agreement (ACTA), the new plan would see Canada join other countries, including the United States and members of the European Union, to form an international coalition against copyright infringement.

Read More

Most of those who come across my blog can tell pretty quickly that data privacy is on the top of my list regarding the field of Information Security. I ran across an interesting article on personal data privacy and ways to help ensure your private, personal data is kept just that, private and personal. Most of the tips are pretty general and fall into the category of common sense. Examples include checking your credit report regularly for unauthorized charges or changes, using an anti-virus program on your computer and not sharing your driver’s license or social security number. Other tips like using TOR to “assist” in “anonymizing” your surfing habits, using an encrypted internet messaging client like Bitwise IM or signing checks with a gel pen are some of the less obvious tips that might be found useful for even those “security conscious” individuals.

50 Tips to help you secure your personal data

Source

Ed Tittel and Kim Lindros
05.08.2008
Rating: -4.83- (out of 5)

For this update to our survey we added only one new vendor-neutral certification, the GIAC Certified Incident Manager, or GCIM. On the other side of the table, numerous items were deleted or removed. 12 full-blown vendor-neutral credentials were dropped for reasons that vary from no information available, to no visible signs of life, to a virus lurking on the program’s home Web page. We can’t take a security program seriously if its operator lets its website attempt to download viruses to its visitors. We also decided to drop individual Brainbench security exams, because they don’t lead to certification in and of themselves, which drops the vendor-neutral count by another 5 items. We also did away with coverage of the GIAC certificate and specialist items to drop another 23 items.

Source

A virus that takes all your important files hostage and then demand money is on the loose according to security experts.

This blackmailer virus uses 1024-bit key to encrypt data on user’s PC and then demands money for decryption key.

According to Kaspersky Lab public should be on the lookout for ransomware virus named “Gpcode” which encrypts your files using an RSA encryption algorithm with a 1024-bit key.

Source

Friday, June 6, 2008; Page A19

So now we know: The price point is $4.

At $3 a gallon, Americans just grin and bear it, suck it up and, while complaining profusely, keep driving like crazy. At $4, it is a world transformed. Americans become rational creatures. Mass transit ridership is at a 50-year high. Driving is down 4 percent. (Any U.S. decline is something close to a miracle.) Hybrids and compacts are flying off the lots. SUV sales are in free fall.

Today, I finally received my MBA/Information Security diploma from James Madison University. I had attended on campus ceremonies the first week of May but after getting the diploma actually in my hand, I have to say, today is a good day.